From c7ae87c4d5241db953d01a59b48278bad334d79e Mon Sep 17 00:00:00 2001
From: Robert Goldmann <deadlocker@gmx.de>
Date: Sun, 14 Jul 2019 10:43:31 +0200
Subject: [PATCH] Fixed #457 - prevent editing of default charts
---
.../budgetmaster/charts/ChartController.java | 10 ++++++
src/main/resources/languages/_de.properties | 2 ++
src/main/resources/languages/_en.properties | 2 ++
.../resources/templates/charts/newChart.ftl | 18 +++++++++--
src/main/resources/templates/error/400.ftl | 32 +++++++++++++++++++
src/main/resources/templates/index.ftl | 1 +
6 files changed, 63 insertions(+), 2 deletions(-)
create mode 100644 src/main/resources/templates/error/400.ftl
diff --git a/src/main/java/de/deadlocker8/budgetmaster/charts/ChartController.java b/src/main/java/de/deadlocker8/budgetmaster/charts/ChartController.java
index 3d1445633..49db6e9e9 100644
--- a/src/main/java/de/deadlocker8/budgetmaster/charts/ChartController.java
+++ b/src/main/java/de/deadlocker8/budgetmaster/charts/ChartController.java
@@ -74,10 +74,20 @@ public class ChartController extends BaseController
}
else
{
+ Chart existingChart = chartService.getRepository().getOne(chart.getID());
+ if(existingChart != null)
+ {
+ if(existingChart.getType() != ChartType.CUSTOM)
+ {
+ return "error/400";
+ }
+ }
+
if(chart.getType() == null)
{
chart.setType(ChartType.CUSTOM);
}
+
chartService.getRepository().save(chart);
}
diff --git a/src/main/resources/languages/_de.properties b/src/main/resources/languages/_de.properties
index a3c483b4a..8792d9715 100644
--- a/src/main/resources/languages/_de.properties
+++ b/src/main/resources/languages/_de.properties
@@ -6,6 +6,7 @@ github.url=https://github.com/deadlocker8/BudgetMaster
# ERRORPAGES
errorpages.home=Zur Startseite
+errorpages.400=Ung�ltige Anfrage.
errorpages.403=Zugriff nicht gestattet.
errorpages.404=Die angegebene Seite konnte nicht gefunden werden.
errorpages.418=I'm a teapot.
@@ -330,5 +331,6 @@ charts.default.categoryBudget=Verbrauch nach Kategorien
chart.new.label.name=Name
chart.new.label.script=Script
+chart.new.info.default=Diese mitgeliefert Diagrammvorlage kann nicht �berschrieben werden, aber du kannst dir den Code ansehen.
chart.type=Typ
chart.actions=Aktionen
\ No newline at end of file
diff --git a/src/main/resources/languages/_en.properties b/src/main/resources/languages/_en.properties
index a0778df47..aeae2ece8 100644
--- a/src/main/resources/languages/_en.properties
+++ b/src/main/resources/languages/_en.properties
@@ -6,6 +6,7 @@ github.url=https://github.com/deadlocker8/BudgetMaster
# ERRORPAGES
errorpages.home=To Homepage
+errorpages.400=Bad request.
errorpages.403=Access denied.
errorpages.404=The requested page doesn't exist.
errorpages.418=I'm a teapot.
@@ -330,5 +331,6 @@ charts.default.categoryBudget=Consumption by categories
chart.new.label.name=Name
chart.new.label.script=Script
+chart.new.info.default=This default chart can\'t be overwritten but you can have a look on how it's implemented.
chart.type=Type
chart.actions=Actions
\ No newline at end of file
diff --git a/src/main/resources/templates/charts/newChart.ftl b/src/main/resources/templates/charts/newChart.ftl
index 083366421..d2035fdce 100644
--- a/src/main/resources/templates/charts/newChart.ftl
+++ b/src/main/resources/templates/charts/newChart.ftl
@@ -39,6 +39,20 @@
<br>
+ <#-- info message if chart is not editable -->
+ <#if (chart.getType().name() == "DEFAULT")>
+ <div class="row no-margin-bottom">
+ <div class="col s12 center-align">
+ <table class="text-color login-message no-border-table">
+ <tr>
+ <td><i class="material-icons">info</i></td>
+ <td id="loginMessage">${locale.getString("chart.new.info.default")}</td>
+ </tr>
+ </table>
+ </div>
+ </div>
+ </#if>
+
<#-- buttons -->
<div class="row hide-on-small-only">
<div class="col s6 right-align">
@@ -46,7 +60,7 @@
</div>
<div class="col s6 left-align">
- <button class="btn waves-effect waves-light budgetmaster-blue" type="submit" name="action">
+ <button class="btn waves-effect waves-light budgetmaster-blue" type="submit" name="action" <#if (chart.getType().name() == "DEFAULT")>disabled</#if>>
<i class="material-icons left">save</i>${locale.getString("save")}
</button>
</div>
@@ -59,7 +73,7 @@
</div>
<div class="row center-align">
<div class="col s12">
- <button class="btn waves-effect waves-light budgetmaster-blue" type="submit" name="buttonSave">
+ <button class="btn waves-effect waves-light budgetmaster-blue" type="submit" name="buttonSave" <#if (chart.getType().name() == "DEFAULT")>disabled</#if>>
<i class="material-icons left">save</i>${locale.getString("save")}
</button>
</div>
diff --git a/src/main/resources/templates/error/400.ftl b/src/main/resources/templates/error/400.ftl
new file mode 100644
index 000000000..03219beb1
--- /dev/null
+++ b/src/main/resources/templates/error/400.ftl
@@ -0,0 +1,32 @@
+<html>
+ <head>
+ <#import "../helpers/header.ftl" as header>
+ <@header.header "BudgetMaster - 400"/>
+ <@header.style "login"/>
+ <#import "/spring.ftl" as s>
+ </head>
+ <body class="budgetmaster-blue-light">
+ <main>
+ <div class="row valign-wrapper full-height">
+ <div class="col l4 offset-l4 m6 offset-m3 s10 offset-s1">
+ <div class="card background-color">
+ <div class="card-content">
+ <div class="card-title">
+ <div id="logo-container" class="center-align"><@header.logo "logo" ""/></div>
+ </div>
+ <div class="row">
+ <div class="col s12 center-align">
+ <h1>❌ 400</h1>
+ <h5>${locale.getString("errorpages.400")}</h5>
+ </div>
+ </div>
+ <div class="center-align">
+ <a href="<@s.url '/'/>" class="waves-effect waves-light btn budgetmaster-blue"><i class="material-icons left">home</i>${locale.getString("errorpages.home")}</a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </main>
+ </body>
+</html>
\ No newline at end of file
diff --git a/src/main/resources/templates/index.ftl b/src/main/resources/templates/index.ftl
index 8a5849404..b8cf8a963 100644
--- a/src/main/resources/templates/index.ftl
+++ b/src/main/resources/templates/index.ftl
@@ -56,6 +56,7 @@
<p class="text-grey home-menu-text">${locale.getString("home.menu.charts")}</p>
<div class="left-align">
<a href="<@s.url '/charts/manage'/>" class="waves-effect btn-flat home-menu-link-item"><i class="material-icons left">play_arrow</i>${locale.getString("home.menu.charts.action.manage")}</a>
+ <br>
<a href="<@s.url '/charts'/>" class="waves-effect btn-flat home-menu-link-item"><i class="material-icons left">play_arrow</i>${locale.getString("home.menu.charts.action.show")}</a>
</div>
--
GitLab